[keycloak-user] Keycloak 1.9.5.Final Released
Stian Thorgersen
sthorger at redhat.com
Mon May 30 01:22:47 EDT 2016
There's 3 places this would be relevant: session codes (used during
authentication), OpenID Connect and SAML. Only SAML currently supports
configuring to SHA512. It's not currently on the road-map to add for the
others, but feel free to create a JIRA issue to request this.
On 30 May 2016 at 02:06, Lange, Christian <christian.lange at atos.net> wrote:
> Hello Stian, (Hello Developers,)
>
> I wonder if you think about switching from SHA256 as the default hash
> algorithm to SHA512.
> Nowadays most of the servers are equipped with 64Bit CPUs and SHA512 can
> actually benefit from that architecture (under good conditions 1/3x faster
> than SHA256).
>
> Correct me if I'm wrong but as far as I know it's not possible to select
> the algorithms without some custom code changes.
>
> Best regards,
> Christian
>
> ________________________________________
> Von: keycloak-user-bounces at lists.jboss.org [
> keycloak-user-bounces at lists.jboss.org]" im Auftrag von "Stian
> Thorgersen [sthorger at redhat.com]
> Gesendet: Donnerstag, 26. Mai 2016 21:13
> An: keycloak-user; keycloak-dev
> Betreff: [keycloak-user] Keycloak 1.9.5.Final Released
>
> Keycloak 1.9.5.Final has just been released. There's one change worth
> highlighting in this release. We've increased the default password hashing
> intervals to 20000. Yes, you read that right. We've actually recommended
> using 20000 for a while now, but the default was only 1. This is a clear
> trade-off between performance and how secure passwords are stored. With 1
> password hashing interval it takes less than 1 ms to hash a password, while
> with 20000 it takes tens of ms.
>
> For the full list of resolved issues check out JIRA<
> https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20and%20fixVersion%20%3D%201.9.5.Final>
> and to download the release go to the Keycloak homepage<
> http://www.keycloak.org/downloads>.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160530/601e1b0b/attachment-0001.html
More information about the keycloak-user
mailing list